If you have recently implemented a Software Defined Wide Area Network (SD WAN), or are still considering your migration options, the concept of network function virtualization (NFV) may still be a new one for you. And with so many networking hardware components now able to be switched out for virtualized alternatives, it can be difficult to know where to start.

To help you make that choice, beyond SD WAN, here are five potential use cases for NFV that can be added seamlessly and easily:

Session Border Controllers (SBCs)

With their awareness of Session Initiation Protocol (SIP), SBCs provide a vital security and connectivity service at the higher end of the OSI stack (right up to layer 7). SBCs protect businesses from high-level cybercrime, and they can also help to harmonize on-site servers with remote data centers.

As you move into the cloud, the opportunity to scale likely requires an increase in throughput, while the potential for more serious and sophisticated cybercrime must also be considered.

If you are currently running SBC hardware instances at your premises or data centers, you might need a more powerful version sooner than you think. Make sure you weigh the capex and opex savings potential by switching to one of the virtual licensed options on the market instead (you may find this software labeled VE – virtual edition – or similar).

Before making the switch, be sure to check that the virtual SBC will be compatible with the appropriate hypervisors on your network.

Load Balancers

If you are currently running load balancer hardware for managing resource use and throughput, this function can also now be virtualized. These VM kits are often termed “application delivery controllers” (ADCs), and they can carry out many of the same functions as a hardware unit.

The basic task of a load balancer is to distribute incoming traffic between various backend servers so as to optimize resource use, avoid overload and reduce application response time. However, there are numerous specific features to consider when opting for a particular deployment. These include asymmetric load, priority activation, DDoS mitigation, HTTP compression, rate shaping and TCP buffering, among others. The specific set of features you need will depend on the characteristics of the data flowing through your network. Virtual load balancers can be flexibly configured to suit your network.

As with all virtual network functions (VNFs), ADCs need to be checked for OS and hypervisor dependencies to ensure they will run on your network.

Firewalls

Of all potential VNFs, the firewall tends to attract the most debate. Some businesses, even those who otherwise favor virtualization, prefer to retain physical firewalls with a purpose-built OS and the security of a dedicated support team. Firewalls tend to be simple for in-house tech teams to repair and configure, which can mean they are up and running before host-based issues are resolved.

The boundary between virtual firewalls and physical appliances is quickly becoming blurred. For example, newer firewall appliances often contain loadable kernel modules with access via a web interface.

The next step is complete firewall virtualization with packet filter and monitoring software running on a virtual machine (VM) and the kernel within a hypervisor. Such a virtual firewall has the advantage of scalability, with extra resources able to be provisioned at a moment’s notice. Physical devices have to be powerful enough to cope with the throughput; underpowered firewalls can lead to network problems.

Intrusion Detection Systems

An intrusion detection system (IDS) is a good candidate for virtualization. This is a second line of defense which sits behind a firewall, analyzing traffic at strategic defense points within and on the perimeter of a network. If your IDS is unable to cope with the traffic coming through your firewall, you could end up with a bottleneck or lost packets, potentially missing a threat to your security.

Since a virtual IDS can draw on additional resources at peak times, this can provide more robust protection. An active IDS, sometimes termed an intrusion prevention system (IPS) or intrusion detection and protection system (IDP), can go one step further by dropping TCP connections or carrying out other actions in response to a threat.

Of course, there is no reason why you can’t combine both options, with a virtualized IDS to protect mission-critical infrastructure and a physical device on the perimeter.

WAN Optimizers

WAN optimizers are a powerful tool for businesses looking to increase performance across their network. Real-time data compression, path conditioning, traffic shaping and other data and network management functions combine to overcome the many challenges to bandwidth availability and signal quality.

WAN optimizer or accelerator software can be bundled with other useful services and easily run on a hypervisor in order to be deployed wherever it makes economic sense. An instance can even be linked to specific applications, if necessary. This makes migration of that application between data centers or into the cloud much easier since it will continue to be optimized during transition. This is not possible with hardware-based WAN optimizers, which have to be locally deployed at specific branches or data centers. There is a third way, with some third parties offering (as a part of their services) an optimized private network into which company branches can connect.

The amount of network traffic supported can vary widely between vendors, which is where SD WAN consultants like Shamrock Consulting come in.

How Shamrock Can Help

Shamrock partners with all of the best WAN providers in the industry and can give a whole market perspective on NFV options for your business. Best of all, we offer a free consultation to help you make an informed decision based on your unique requirements and budget constraints.

Migrating from a physical to hybrid environment is a big step to take, but Shamrock makes the transition much smoother by helping you choose which functions to virtualize and by identifying which vendors offer the best service for the best price.

Shamrock has worked on some of the largest enterprise SD WAN RFPs to date, and our expertise with audit, design and procurement makes us the perfect partner to facilitate the virtualization of your business.

Ben Ferguson

Ben Ferguson is the Senior Network Architect and Vice President of Shamrock Consulting Group, the leader in technical procurement for telecommunications, data communications, data center and cloud services. Since his departure from biochemical research in 2004, he has built core competencies around enterprise wide area network architecture, high density data center deployments, public and private cloud deployments, and Voice over IP telephony. Ben has designed hundreds of wide area networks for some of the largest companies in the world. When he takes the occasional break from designing networks, he enjoys surfing, golf, working out, trying new restaurants and spending time with his wife Linsey and his dog, Hamilton.